ant-dev mailing list archives

From Roger Vaughn <rvau...@seaconinc.com>
Subject Re: FTP & JSPC
Date Tue, 01 Aug 2000 15:10:43 GMT
True.  This scenario is always difficult because any encryption you use
has to be reversible.  The only way to fully protect data then is with a
private key known only to the user.  This has two problems in the Ant
world - first, it requires interaction, which doesn't allow automated
builds, and second, for this case, it means you have to enter a password
to decode your passwords.  Kinda silly.  :-)  You can also do some magic
with certificates, but managing those isn't trivial.

For at least the first pass, I'm considering exactly the sort of thing
CVS uses - no, you can't truly call it encryption, but it at least
protects your passwords from casual viewers - and lets you protect the
password file itself on systems that support that sort of thing.  Rather
than the CVS encoding, I'm thinking of using base64, however.

I'm also looking at the keytool functionality, but since the security
toolset differs in Java 1.1, I'm not sure this is a good direction to go.

Comments?

Stefan Bodewig wrote:

> >>>>> "RV" == Roger Vaughn <rvaughn@seaconinc.com> writes:
>
>  RV> Perhaps we need a password storage utility similar to the way cvs
>  RV> login handles things - encoding the passwords in a private file.
>
> You can't really talk of encoding with CVS (and the docs are quite
> clear about this).
>
> Apart from that, if you find a decent approach for that, make it
> reusable for SignJar, GenerateKey or whatever and submit it 8^).
>
> Stefan
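
An added example, not code from this thread or from Ant: a sketch of the approach the message above describes, with the password base64-encoded (reversible by anyone who can read the file) and the file created owner-only, then refused on load if group or others can access it. The class and method names are hypothetical, and it assumes a POSIX file system and Java 8 or later.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Base64;
import java.util.Set;

/** Hypothetical helper: base64 obfuscation plus owner-only file permissions. */
public class EncodedPasswordFile {
    private static final Set<PosixFilePermission> OWNER_ONLY =
            PosixFilePermissions.fromString("rw-------");

    /** Writes the base64 form of the password to a file created as 0600. */
    static void store(Path file, String password) throws IOException {
        String encoded = Base64.getEncoder()
                .encodeToString(password.getBytes(StandardCharsets.UTF_8));
        Files.deleteIfExists(file);
        // Set the mode at creation so the file is never briefly world-readable.
        Files.createFile(file, PosixFilePermissions.asFileAttribute(OWNER_ONLY));
        Files.write(file, encoded.getBytes(StandardCharsets.US_ASCII));
    }

    /** Decodes the password, refusing a file that group or others can access. */
    static String load(Path file) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
        if (!OWNER_ONLY.containsAll(perms)) {
            throw new IOException(file + " has mode "
                    + PosixFilePermissions.toString(perms) + ", expected rw-------");
        }
        String encoded = new String(Files.readAllBytes(file), StandardCharsets.US_ASCII);
        return new String(Base64.getDecoder().decode(encoded.trim()), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws IOException {
        Path file = Files.createTempDirectory("pwdemo").resolve("passfile");
        store(file, "constructed-sample-password"); // constructed value
        // The stored form is plain base64: anyone who can read the file can decode it.
        System.out.println("on disk: " + new String(Files.readAllBytes(file), StandardCharsets.US_ASCII));
        System.out.println("decoded: " + load(file));
        Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-r--r--"));
        try {
            load(file);
        } catch (IOException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```

The permission check is the only real protection here; the base64 step only keeps the password from being read at a glance.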

